By Elaine J. Hom, Associate Editor
Virtualization has gone from IT buzzword to IT staple, so it's vital for networking professionals to understand how server virtualization and networks affect each other. In a server virtualization environment, every host server abstracts and extends the network into its hypervisor, where a virtual switch manages traffic between virtual machines. Server virtualization also introduces I/O bottlenecks and bandwidth capacity problems on the physical network by increasing the amount of traffic generated by individual physical servers. Consequently, virtualization networking -- or networking for virtualization -- is on every networking professional's agenda.
In this guide, networking professionals can learn about managing virtualization networking, distributed virtual switching, network capacity planning for virtualization and more.
TABLE OF CONTENTS
Considerations for virtual server networking
•Planning for virtualization networking
•Virtualization and network configuration
•The human factor in virtualization networking
•Virtualization and network performance
Managing virtualization through the network
•Virtual switching: Managing virtualization through the network
•802.1Q VLAN tagging
•Network management in a virtualized environment
|Considerations for virtual server networking|
Server virtualization networking requires involvement from the networking team at several key points -- including network capacity planning, configuration mapping and management, and network automation -- to support fluid virtual machines and changing traffic patterns.
Check out the resources below in each category to find out more about network considerations for virtualization.
Planning for virtualization networking
In planning for virtualization, network managers must remember that demand for power and network capacity changes depending on peak traffic hours. For example, when the number of physical servers is reduced, the number of users on each server increases proportionately. Power usage and network utilization for those servers must be monitored and managed accordingly, and network managers must be ready to turn bandwidth up and down depending on need.
- Data center networks and virtualization: Who has the silver bullet?
Virtualization and network configuration
While virtualization can save companies quite a bit of money by reducing the number of physical servers in the data center, it can also cause headaches for network managers trying to map and manage ever-changing network configuration. Virtual machine (VM) sprawl can also cause security problems since it is difficult to set a security configuration that will follow a moving virtualized application. Many IT organizations solve this by setting up clusters of physical servers for similar applications that require comparable security and network settings. But as application demand grows, these clusters will run out of capacity, requiring manual network reconfigurations.
Network automation software can solve this problem by automatically allocating the necessary bandwidth and power while provisioning VMs to handle workloads on demand.
Server virtualization also impacts the network by creating constantly changing and multiplying media access control (MAC) addresses. MAC addresses are generally burned into the network interface cards (NICs) on the servers and are a fixed value in a non-virtualization environment. But in a virtualized environment, a MAC address can change during "cold migration" -- when a VM is shut down and moved from one location to another. Any configurations built around the old MAC address will no longer apply to the new address. While this isn't a prolific problem (as there aren't many instances in which network admins configure things based on the MAC address), it is a problem where these configurations do exist.
- Data center network automation tool: Lab-style provisioning in the cloud
- Live Migration: Troubleshooting storage and network configurations
- The CIO shell game: Greg Ness
- Virtualization adds urgency to core network services business
The human factor in virtualization networking
One of the biggest challenges the IT team faces with virtualization is the requirement for more collaboration between the network team and the server team. The implementation of VLANs is the perfect example of the need for teamwork. VLANs are crucial in managing network traffic flow in a virtual environment, but they are tightly integrated into server management as well. VLAN configuration occurs on switches and on physical servers running the server virtualization software.
Network admins and server admins will also need to share information about which NICs are plugged into which network ports for link aggregation purposes, which allows the virtualization solution to provide redundancy and/or more efficient use of multiple physical NICs.
- Data center network infrastructure trends: Networking professionals must insert themselves into the data center conversation
- IT job security fears over cloud computing: Network jobs still vital
- Virtual switch standards: Let the fighting begin (again)
- Virtual network switches give the networking team more of a role in virtualization
Virtualization and network performance
Server virtualization can seriously affect network performance. The consolidation of workloads onto fewer physical servers can affect traffic flow within the network, disrupting network performance and throughput. In a non-virtualized environment, fixed-configuration switches, or "rack switches," provide uplinks to the core network, and traffic aggregation occurs within the rack switch itself. But when server virtualization is implemented, traffic aggregation occurs at the physical server level, not on the rack switch. Server workload consolidation leads to heavier use of the network links to the physical servers. Using a rack switch to uplink to the core to try to aggregate already aggregated traffic can result in bottlenecks and thus major problems in network performance and throughput.
Site consolidation can also affect network latency. With enterprises consolidating multiple data centers and pulling out branch office data systems, the entire wide area network (WAN) can be affected. Let's take this analogy from Harold Byun, senior product marketing manager at Riverbed: 200 passengers need to drive from New York to Los Angeles. A small car that can carry only five passengers at a time would need to make 40 roundtrips to get everyone to LA. Building a new freeway with wider lanes and better traffic flow won't help -- the car still has to make 40 trips, no matter how you cut it. With great distance over a WAN, a network will experience latency, regardless of how upgraded the network link is. The solution is to minimize the number of "trips" that applications must make across the network. By encapsulating the overhead of standard office application protocols, which are running over a wider network in a more consolidated virtual environment, the network can make fewer trips to carry data. With this analogy, large buses that can carry 50 passengers would be replacing the cars, reducing the number of trips from 40 to four.
Another solution would be WAN acceleration. This can be achieved with WAN optimization controllers (WOCs), which are a type of virtual appliance based on network appliance software running on a VM. Other virtual appliances include application delivery controllers (ADCs), and virtual appliances work in conjunction with virtual desktops and virtual servers.
- VIDEO: How virtualization affects the network
- Network availability considerations for virtualization
|Managing virtualization through the network|
Virtualization networking was once a game of hit or miss for network managers, but the emergence of third-party virtual switches and distributed virtual switching strategies has given the networking team more control over the environment. In this section, learn about distributed virtual switch implementation and managing virtual servers through networking.
Virtual switching: Managing virtualization through the network
A virtual switch is software that emulates a physical Ethernet switch and allows one VM to communicate with another. The switch inspects packets before passing them on and is often included as part of virtualization software or in a server's hardware as part of its firmware. Because of this, the server management team usually claims responsibility for management of virtual switches. But proposed changes to virtual switch standards, including the Virtual Ethernet Port Aggregation (VEPA) and the VN-Tagging port extension approach, give the networking team more control over the virtual switching that takes place in server virtualization. How the proposed changes will affect the relationship between the server and network teams is anyone's guess, but data center managers and CIOs need to keep the possible disharmony in mind.
As previously mentioned, a major challenge with virtualization is figuring out how to move VMs across physical hosts without continuously having to reconfigure them individually. Virtual switching can address this challenge.
Technologies like VMware's vSwitch and vSphere can make this happen by combining the resources of multiple physical hosts. Among vSphere's networking features are distributed vSwitches, which allow a single switch to be used across multiple hosts; private VLANs, which let administrators control and restrict communication between VMs on a vSwitch; and IPv6 support, which allows for the 16-byte, hexadecimal IPv6 addresses that will become more widely used once the industry starts to experience exhaustion of IP addresses supported by IPv4. But these technologies can cause a bottleneck. Administrators can address this by using virtual switches in conjunction with virtual appliances, such as the Arista virtual Extensible Operating System (vEOS), which can make the vSwitch more scalable for network administrators.
Managing virtual switches is no easy feat. There are several virtual switch problems, including limited traffic visibility, poor manageability, and inconsistent network policy enforcement, as well as limited I/O bandwidth. (Read more about virtual switch challenges.) But some solutions to these virtual network switch woes exist, including edge virtualization technologies such as distributed virtual switching (DVS), edge virtual bridging (EVB) and single root I/O virtualization (SR-IOV).
DVS is the aggregation of multiple virtual switches. It simplifies a network engineer's task by allowing him to configure servers in clusters across the network instead of configuring each one individually. The control plane and the data plane of the virtual switch are de-coupled, allowing the data planes of multiple virtual switches to be controlled by an external centralized management system. This de-coupling allows the vSwitch control plane to be tightly integrated with the control planes of physical access switches and/or the virtual server management system. With DVS, the shortcomings of traditional vSwitches can be addressed.
The Cisco Nexus 1000v distributed virtual switch is an option for addressing vSwitch shortcomings. It works with any manufacturer's physical switch, so non-Cisco physical networks can use the 1000v for virtual network management.
- Open vSwitch: Can you use an open source distributed virtual switch?
802.1Q VLAN tagging
Configuring vSphere VLANs is as challenging and complex as establishing VLANs in a typical physical network. 802.1Q VLAN tagging is a popular method for tackling the problem of configuring vSphere VLANs. The 802.1Q networking standard allows multiple bridged networks to transparently share the same physical network link without leaking of information among the networks. 802.1Q VLAN tagging allows for multiple VLANs to be used on a single physical switch port, enabling a network administrator to reduce the number of physical NICs on a server from one per VLAN to one per host.
Tagging applies tags to all network frames to identify them as belonging to a particular VLAN. The types of VLAN tagging include virtual machine guest tagging (VGT mode), external switch tagging (EST mode), and virtual switch tagging (VST mode). VST mode is the most commonly used with VLANs in vSphere because it's the easiest to configure and manage, and it also eliminates the need to install a specific VLAN driver inside a virtual machine. (Find out how to configure VST mode for vSphere VLANs here.)
- VLAN guide for networking professionals
Network management in a virtualized environment
It's not easy to manage virtual network relationships. In the "old days," infrastructure was static. Applications lived on dedicated physical servers with static NICs that could be configured once and forgotten. But finding a way to "reconnect" physical resources and virtual workloads that are mobile and fluid is a challenge. Many vendors are developing products that offer an "end-to-end" view of physical resources and how they are being utilized by virtual workloads at any given time. In the meantime, there are various steps toward managing virtual network relationships that an IT organization can take, including documentation, live migration limitation, and management tools.
Another important tool in virtualization network management is network change and configuration management (NCCM), which is significantly more challenging in a virtualized environment. Use this primer on virtualization change and configuration management to further your understanding of this concept.
Virtualization selection and the enterprise network
- Server virtualization standards may fix network management, security
- Compliance in a virtualized world: Server virtualization and NAC security
- Virtualization: The next generation of application delivery challenges